// -*- IDL -*-

//=============================================================================
/**
 *  @file   CSIIOP.idl
 *
 *  @author Object Management Group
 */
//=============================================================================

#ifndef _CSIIOP_IDL_
#define _CSIIOP_IDL_

#include "tao/IOP.pidl"
#include "CSI.idl"
//import ::IOP
//import ::CSI

module IOP
{
  const ComponentId TAG_CSI_SEC_MECH_LIST = 33;
  const ComponentId TAG_NULL_TAG = 34;
  const ComponentId TAG_SECIOP_SEC_TRANS = 35;
  const ComponentId TAG_TLS_SEC_TRANS = 36;
};

module CSIIOP {
  typeprefix CSIIOP "omg.org";

  // Association options
  typedef unsigned short AssociationOptions;

  const AssociationOptions NoProtection = 1;
  const AssociationOptions Integrity = 2;
  const AssociationOptions Confidentiality = 4;
  const AssociationOptions DetectReplay = 8;
  const AssociationOptions DetectMisordering = 16;
  const AssociationOptions EstablishTrustInTarget = 32;
  const AssociationOptions EstablishTrustInClient = 64;
  const AssociationOptions NoDelegation = 128;
  const AssociationOptions SimpleDelegation = 256;
  const AssociationOptions CompositeDelegation = 512;
  const AssociationOptions IdentityAssertion = 1024;
  const AssociationOptions DelegationByClient = 2048;

  // The high order 20-bits of each ServiceConfigurationSyntax constant
  // shall contain the Vendor Minor Codeset ID (VMCID) of the
  // organization that defined the syntax. The low order 12 bits shall
  // contain the organization-scoped syntax identifier. The high-order 20
  // bits of all syntaxes defined by the OMG shall contain the VMCID
  // allocated to the OMG (that is, 0x4F4D0).
  typedef unsigned long ServiceConfigurationSyntax;

  const ServiceConfigurationSyntax SCS_GeneralNames = CSI::OMGVMCID | 0;
  const ServiceConfigurationSyntax SCS_GSSExportedName = CSI::OMGVMCID | 1;

  typedef sequence <octet> ServiceSpecificName;

  // The name field of the ServiceConfiguration structure identifies a
  // privilege authority in the format identified in the syntax field. If the
  // syntax is SCS_GeneralNames, the name field contains an ASN.1 (BER)
  // SEQUENCE [1..MAX] OF GeneralName, as defined by the type GeneralNames in
  // [IETF RFC 2459]. If the syntax is SCS_GSSExportedName, the name field
  // contains a GSS exported name encoded according to the rules in
  // [IETF RFC 2743] Section 3.2, "Mechanism-Independent Exported Name
  // Object Format," p. 84.

  struct ServiceConfiguration {
    ServiceConfigurationSyntax syntax;
    ServiceSpecificName name;
  };

  typedef sequence <ServiceConfiguration> ServiceConfigurationList;

  // The body of the TAG_NULL_TAG component is a sequence of octets of
  // length 0.

  // type used to define AS layer functionality within a compound mechanism
  // definition

  struct AS_ContextSec {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    CSI::OID client_authentication_mech;
    CSI::GSS_NT_ExportedName target_name;
  };

  // type used to define SAS layer functionality within a compound mechanism
  // definition

  struct SAS_ContextSec {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    ServiceConfigurationList privilege_authorities;
    CSI::OIDList supported_naming_mechanisms;
    CSI::IdentityTokenType supported_identity_types;
  };

  // type used in the body of a TAG_CSI_SEC_MECH_LIST component to
  // describe a compound mechanism

  struct CompoundSecMech {
    AssociationOptions target_requires;
    IOP::TaggedComponent transport_mech;
    AS_ContextSec as_context_mech;
    SAS_ContextSec sas_context_mech;
  };

  typedef sequence <CompoundSecMech> CompoundSecMechanisms;

  // type corresponding to the body of a TAG_CSI_SEC_MECH_LIST
  // component

  struct CompoundSecMechList {
    boolean stateful;
    CompoundSecMechanisms mechanism_list;
  };

  struct TransportAddress {
    string host_name;
    unsigned short _port;
  };

  typedef sequence <TransportAddress> TransportAddressList;

  // Tagged component for configuring SECIOP as a CSIv2 transport mechanism

  const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35;

  struct SECIOP_SEC_TRANS {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    CSI::OID mech_oid;
    CSI::GSS_NT_ExportedName target_name;
    TransportAddressList addresses;
  };

  // tagged component for configuring TLS/SSL as a CSIv2 transport mechanism

  const IOP::ComponentId TAG_TLS_SEC_TRANS = 36;

  struct TLS_SEC_TRANS {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    TransportAddressList addresses;
  };

}; //CSIIOP

#endif
